In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "8.1" ], "digest": { "threshold": 0.9, "line_hashes": [ "42020041142383304235704306891537256141", "289934566830103813684344594208716515753", "294823526023680949263775857811810283566", "58840809258217128192670445423050767198", "114505818128068924874392892140143823310", "200823653085316894711538114895378009509", "116627824074158765931383902233516993180" ] }, "id": "ASB-A-169255797-273d510b", "source": "https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "length": 603.0, "function_hash": "238518792499284688356094374625581676253" }, "id": "ASB-A-169255797-acc20021", "source": "https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "digest": { "length": 442.0, "function_hash": "230009974099059748614225976415562516999" }, "id": "ASB-A-169255797-b027e0f8", "source": "https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "209994878309430805395706290204032689098", "125461065251237585907190888088422299913", "224624817943320447785708540466415237733", "71208829877305823311535501649155661884", "206844852653315512871748239391478303695", "264794641393320405473911995224949025240", "229794932618266376197057428186312067384", "9888884701803256020115703459151666033", "248118567324138200637685791802372116318", "176566262648722621492230475312950332568", "73147827167205304033947538896651956086", "157528758180396483875238243954832899485", "115818958425564811982751823721669419214", "2408185724002910366505306683815659384" ] }, "id": "ASB-A-169255797-bc473c40", "source": "https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6", "https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05" ], "spl": "2021-06-05", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 442.0, "function_hash": "230009974099059748614225976415562516999" }, "id": "ASB-A-169255797-84402102", "source": "https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "digest": { "length": 603.0, "function_hash": "238518792499284688356094374625581676253" }, "id": "ASB-A-169255797-8542a610", "source": "https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "match_only_versions": [ "9" ], "digest": { "threshold": 0.9, "line_hashes": [ "42020041142383304235704306891537256141", "289934566830103813684344594208716515753", "294823526023680949263775857811810283566", "58840809258217128192670445423050767198", "114505818128068924874392892140143823310", "200823653085316894711538114895378009509", "116627824074158765931383902233516993180" ] }, "id": "ASB-A-169255797-bbb44a04", "source": "https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "167682451478170391322088494545066908104", "125461065251237585907190888088422299913", "224624817943320447785708540466415237733", "71208829877305823311535501649155661884", "206844852653315512871748239391478303695", "264794641393320405473911995224949025240", "229794932618266376197057428186312067384", "9888884701803256020115703459151666033", "248118567324138200637685791802372116318", "176566262648722621492230475312950332568", "73147827167205304033947538896651956086", "157528758180396483875238243954832899485", "115818958425564811982751823721669419214", "2408185724002910366505306683815659384" ] }, "id": "ASB-A-169255797-eca68dca", "source": "https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee", "https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d" ], "spl": "2021-06-05", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "10" ], "digest": { "threshold": 0.9, "line_hashes": [ "42020041142383304235704306891537256141", "289934566830103813684344594208716515753", "294823526023680949263775857811810283566", "58840809258217128192670445423050767198", "114505818128068924874392892140143823310", "200823653085316894711538114895378009509", "116627824074158765931383902233516993180" ] }, "id": "ASB-A-169255797-4d060390", "source": "https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "167682451478170391322088494545066908104", "125461065251237585907190888088422299913", "224624817943320447785708540466415237733", "71208829877305823311535501649155661884", "206844852653315512871748239391478303695", "264794641393320405473911995224949025240", "229794932618266376197057428186312067384", "9888884701803256020115703459151666033", "248118567324138200637685791802372116318", "176566262648722621492230475312950332568", "73147827167205304033947538896651956086", "157528758180396483875238243954832899485", "115818958425564811982751823721669419214", "2408185724002910366505306683815659384" ] }, "id": "ASB-A-169255797-70562fff", "source": "https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "length": 603.0, "function_hash": "238518792499284688356094374625581676253" }, "id": "ASB-A-169255797-fa2319a1", "source": "https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "digest": { "length": 442.0, "function_hash": "230009974099059748614225976415562516999" }, "id": "ASB-A-169255797-fecc3ae0", "source": "https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a", "https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0" ], "spl": "2021-06-05", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "11" ], "digest": { "threshold": 0.9, "line_hashes": [ "42020041142383304235704306891537256141", "289934566830103813684344594208716515753", "294823526023680949263775857811810283566", "58840809258217128192670445423050767198", "114505818128068924874392892140143823310", "200823653085316894711538114895378009509", "116627824074158765931383902233516993180" ] }, "id": "ASB-A-169255797-25712e80", "source": "https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "length": 603.0, "function_hash": "238518792499284688356094374625581676253" }, "id": "ASB-A-169255797-4f41ae06", "source": "https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "167682451478170391322088494545066908104", "125461065251237585907190888088422299913", "224624817943320447785708540466415237733", "71208829877305823311535501649155661884", "206844852653315512871748239391478303695", "264794641393320405473911995224949025240", "229794932618266376197057428186312067384", "9888884701803256020115703459151666033", "248118567324138200637685791802372116318", "176566262648722621492230475312950332568", "73147827167205304033947538896651956086", "157528758180396483875238243954832899485", "115818958425564811982751823721669419214", "2408185724002910366505306683815659384" ] }, "id": "ASB-A-169255797-768f5d7a", "source": "https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java" }, "signature_type": "Line" }, { "digest": { "length": 442.0, "function_hash": "230009974099059748614225976415562516999" }, "id": "ASB-A-169255797-ac41a920", "source": "https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77", "deprecated": false, "signature_version": "v1", "target": { "file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java", "function": "updateDrawable" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77", "https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3" ], "spl": "2021-06-05", "severity": "High", "types": [ "EoP" ] }